
HIPAA Compliance:

What is a Trusted Business Associate?

A “Business Associate” is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a Covered Entity. The Privacy Rule lists some of the functions or activities, as well as the particular services, that make a person or entity a Business Associate, if the activity or service involves the use or disclosure of protected health information. The types of functions or activities that may make a person or entity a Business Associate include payment or health care operations activities, as well as other functions or activities regulated by the Administrative Simplification Rules.

Business associate functions and activities include: claims processing or administration; data analysis, administration, utilization review, quality assurance, billing, benefit management, practice management and repricing. Business associate services are: legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation and financial. See the definition of “Business Associate” in HIPAA 45 CFR 160.103. As a business and network consultant, Farmhouse Networking is bound to healthcare Covered Entities as a Business Associate that bears pre-defined responsibilities according to the Security Rule. Broadly speaking, the Security Rule requires that a Business Associate implement administrative, physical, and technical safeguards. In addition, it imposes other organizational requirements and a need to document processes analogous to the Privacy Rule.

These services usually include providing the trusted technology advisement needed to make informed decisions, automation of computer maintenance tasks, oversight of network operations, and proactive monitoring of all connected systems.

Like large companies, small businesses need technology to operate at peak efficiency and to compete effectively. As reliance on technology grows, the employees who normally fix the small stuff can quickly be overwhelmed and become unable to perform the duties they were originally hired for. Outside help is needed to support this increasingly complex network and computing environment.

Looking to Become PCI Compliant

New rules around the security of payment card data are set to take effect with PCI DSS Version 3.2, beginning April 2016. While changes in the new regulations focus on clarification, providing merchants and payment processors with additional information on expectations and requirements, small businesses will want to pay particular attention to a handful of upcoming revisions.


Looking to Become CMMC Compliant

New standards around the cybersecurity of Defense Industrial Base contractors have been going into effect since the end of 2020. These standards are based on NIST 800 and will require assessments to become certified.

HIPAA Compliance Audit

HIPAA Compliance Consultation:

The HIPAA Privacy & Security Rules apply to all healthcare providers, health plans, healthcare clearinghouses, and to any service provider that manages electronic protected health information (ePHI). This applies to organizations in the life sciences field such as medical devices, biotechnology, and pharmaceuticals. Understanding these regulations and how they are to be applied to a practice is a complicated, time-consuming process. Farmhouse Networking will comprehensively evaluate the practice to determine the needed administrative, physical, and technical safeguards to comply with the HIPAA Privacy & Security Rules. Documentation will be created outlining security practices and breach notification regulations with a comprehensive Information Security Policy for the practice after explaining how HIPAA/HITECH/Omnibus Rules will impact your organization. An inventory of the network is done to identify where all current assets reside; then deficiencies in network security will be prioritized so that the necessary cybersecurity measures can be implemented to mitigate risk and achieve HIPAA compliance. Once HIPAA compliance has been achieved, regular meetings will be scheduled to review current policy and maintain the documentation as needed.

HIPAA Compliant

Things that are typically addressed during the comprehensive evaluation of compliance & security are:

  • Antivirus Software/Virus Protection
  • SPAM Filtering/Email Encryption
  • Employee Web Traffic Filtering
  • Firewall Policies/Network Access Lists
  • VPN Connections/Remote Access
  • User Accounts/Password Policies
  • Data Retention Policies/NAID AAA Certified Information Destruction
  • File Access/Audit Logging
  • Backup/Recovery Procedures
  • Business Associate Compliance Audit
  • Information Systems Inventory
  • Penetration Testing / Vulnerability Scanning

Getting HIPAA Compliant is Easy

A quick form starts the process


And God will generously provide all you need. Then you will always have everything you need and plenty left over to share with others. As the Scriptures say,
“They share freely and give generously to the poor. Their good deeds will be remembered forever.”
For God is the one who provides seed for the farmer and then bread to eat. In the same way, he will provide and increase your resources and then produce a great harvest of generosity in you. - 2 Corinthians 9:8-10